PT-2025-45416 · Monstaftp · Monstaftp

Sonny · Published 2025-11-07 · Updated 2025-12-15 · CVE-2025-34299

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Monsta FTP versions 2.11 and earlier (versions prior to 2.11.3)

Description: Monsta FTP versions 2.11 and earlier contain a critical vulnerability that allows unauthenticated arbitrary file uploads, leading to remote code execution. An attacker exploits the flaw by supplying a specially crafted file from a malicious (S)FTP server, potentially gaining full control of the affected server. Over 5,000 instances of Monsta FTP were found to be vulnerable. The vulnerability is being actively exploited in the wild, with reports of attackers dropping webshells and compromising systems. The flaw resides in the downloadFile function and is triggered by crafted POST requests; the API endpoint used for exploitation is not explicitly mentioned. Successful exploitation lets an attacker upload a payload and gain server-level code execution.

Recommendations:
- Update Monsta FTP to version 2.11.3 or later to patch the vulnerability.
- Restrict API access to trusted IPs.
- Implement network segmentation to isolate critical assets.
- Monitor for unusual outbound SFTP/SSH connections.
- Deploy Web Application Firewalls with input validation and directory traversal detection.
- Harden server configurations by limiting write permissions and running services with least privilege.
- Conduct regular vulnerability assessments and patch management.

Tags: Exploit · Fix · RCE · Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2025-34299

Affected Products: Monstaftp